EPDP on the Temporary Specification for gTLD Registration Data

Page History

Versions Compared

Old Version 2

changes.mady.by.user Terri Agnew

Saved on Apr 23, 2020

compared with

New Version Current

changes.mady.by.user Terri Agnew

Saved on Apr 28, 2020

Key

This line was added.
This line was removed.
Formatting was changed.

...

For other times: https://tinyurl.com/y8wn422m

Info
PROPOSED AGENDA Roll Call & SOI Updates Discussion of new Bird & Bird Memos a. Automation Use Cases i) Discuss takeaways Recommendations #7 and #16: What updates, if any, are necessary to factor in the legal advice and make recommendations to the EPDP team? ii) Are follow-up questions necessary? iii)Is the executive summary suitable for sending to the EPDP Team, or does this require Legal Committee editing? b) Whois Accuracy i) Are follow-up questions necessary? c) Agree on next steps 3. Wrap and confirm next meeting to be scheduled (if any) a) Confirm action items b) AOB Recommendation #7 Authorization for automated disclosure requests For disclosure requests for which it has been determined that these can be responded to in an automatic fashion (i.e. no human intervention required) the following requirements will apply: The Central Gateway Manager MUST confirm that all required information as per preliminary recommendation #3 ‘criteria and content of requests’ is provided and that the request meets the criteria established in these policy recommendations (and is confirmed during the implementation phase) to qualify as an automated disclosure request. Should the Central Gateway Manager determine that the request is incomplete, the Central Gateway Manager MUST reply to the requestor with an incomplete request response, detailing which required data is missing, and provide an opportunity for the requestor to amend its request. Responses to SSAD requests MUST be provided consistent with the SLAs outlined in preliminary recommendation #8. With respect to disclosure requests that would be sent to a Contracted Party for manual evaluation, a Contracted Party MAY request the Central Gateway to fully automate all, or certain types of, disclosure requests. A Contracted Party MAY retract or revise a request for automation that is not required by these policy recommendations at any time. Implementation Guidance The EPDP Team expects that the following types of disclosure requests can be fully automated (in-take as well as response) from the start: Requests from Law Enforcement in local or otherwise applicable jurisdictions; Responses to UDRP and URS Providers for registrant information verification. The EPDP Team will further consider if other types of disclosure requests can be fully automated Day 1[1]. Over time, based on experience gained and/or further legal guidance, the Mechanism for the evolution of SSAD is expected to provide further guidance on which types of disclosure requests can be fully automated. Recommendation 16: Automation The EPDP Team recommends that the receipt, authentication and transmission of SSAD requests be fully automated insofar as it is technically feasible. The EPDP team recommends that disclosure decisions SHOULD be automated only where technically and commercially feasible[2] and legally permissible. In areas where automation does not meet these criteria, standardization of disclosure decisions is the baseline objective. For example, the EPDP Team expects that aspects of the SSAD such as intake of requests, credential check, request submission validation (format & completeness, not content) could be automated, while it may not be possible to completely automate all request review and disclosure. The SSAD MUST allow for the automation of syntax checking of incoming requests, resulting in an automatic response that indicates the errors to the requestor. This automation addresses the risk of filling up the request queues of the discloser with malformed requests. The SSAD MUST allow for the automation of checking that the contents of a request is complete, per policy, resulting in an automatic response that provides details explaining what elements are incomplete. This automation allows for the discloser to indicate - without human intervention - if any additional information is required per policy and enables the requestor to address the error. The SSAD MUST allow for the automation of an immediate and synchronous response that indicates the receipt of a valid request and some indication that it will be processed. Typically, such responses include a "ticket number" or some kind of unique ID to allow for future queries (status, updates, deletion, etc.). This automation allows for efficient queue management on the discloser’s side and assists in ensuring the principal of "predictability" is met. The SSAD MUST allow for automation of the processing of well-formed, valid, complete, properly-identified requests from accredited users with some limited and specific set of legal basis and data processing purposes which are currently described in Preliminary Recommendation #7 but still under discussion. These requests MAY be automatically processed and result in the disclosure of non-public RDS data without human intervention. [1] To review the other types of disclosure requests that have been proposed by certain groups for automation which will be further discussed by the EPDP Team, please see https://community.icann.org/x/BhSJBw. [2] Initial consideration of the financial feasibility of automation will be addressed by the ICANN org with the Implementation Review Team and subsequently by the mechanism for the evolution of SSAD, as applicable. BACKGROUND DOCUMENTS

Info

PROPOSED AGENDA

Roll Call & SOI Updates
Discussion of new Bird & Bird Memos

a. Automation Use Cases

i) Discuss takeaways

Recommendations #7 and #16: What updates, if any, are necessary to factor in the legal advice and make recommendations to the EPDP team?

ii) Are follow-up questions necessary?

iii)Is the executive summary suitable for sending to the EPDP Team, or does this require Legal Committee editing?

b) Whois Accuracy

i) Are follow-up questions necessary?

c) Agree on next steps

3. Wrap and confirm next meeting to be scheduled (if any)

a) Confirm action items

b) AOB

Recommendation #7 Authorization for automated disclosure requests

For disclosure requests for which it has been determined that these can be responded to in an automatic fashion (i.e. no human intervention required) the following requirements will apply:

The Central Gateway Manager MUST confirm that all required information as per preliminary recommendation #3 ‘criteria and content of requests’ is provided and that the request meets the criteria established in these policy recommendations (and is confirmed during the implementation phase) to qualify as an automated disclosure request.
Should the Central Gateway Manager determine that the request is incomplete, the Central Gateway Manager MUST reply to the requestor with an incomplete request response, detailing which required data is missing, and provide an opportunity for the requestor to amend its request.
Responses to SSAD requests MUST be provided consistent with the SLAs outlined in preliminary recommendation #8.

With respect to disclosure requests that would be sent to a Contracted Party for manual evaluation, a Contracted Party MAY request the Central Gateway to fully automate all, or certain types of, disclosure requests. A Contracted Party MAY retract or revise a request for automation that is not required by these policy recommendations at any time.

Implementation Guidance

The EPDP Team expects that the following types of disclosure requests can be fully automated (in-take as well as response) from the start:

Requests from Law Enforcement in local or otherwise applicable jurisdictions;
Responses to UDRP and URS Providers for registrant information verification.

The EPDP Team will further consider if other types of disclosure requests can be fully automated Day 1[1]. Over time, based on experience gained and/or further legal guidance, the Mechanism for the evolution of SSAD is expected to provide further guidance on which types of disclosure requests can be fully automated.

Recommendation 16: Automation

The EPDP Team recommends that the receipt, authentication and transmission of SSAD requests be fully automated insofar as it is technically feasible.

The EPDP team recommends that disclosure decisions SHOULD be automated only where technically and commercially feasible[2] and legally permissible. In areas where automation does not meet these criteria, standardization of disclosure decisions is the baseline objective.

For example, the EPDP Team expects that aspects of the SSAD such as intake of requests, credential check, request submission validation (format & completeness, not content) could be automated, while it may not be possible to completely automate all request review and disclosure.

The SSAD MUST allow for the automation of syntax checking of incoming requests, resulting in an automatic response that indicates the errors to the requestor. This automation addresses the risk of filling up the request queues of the discloser with malformed requests.

The SSAD MUST allow for the automation of checking that the contents of a request is complete, per policy, resulting in an automatic response that provides details explaining what elements are incomplete. This automation allows for the discloser to indicate - without human intervention - if any additional information is required per policy and enables the requestor to address the error.

The SSAD MUST allow for the automation of an immediate and synchronous response that indicates the receipt of a valid request and some indication that it will be processed. Typically, such responses include a "ticket number" or some kind of unique ID to allow for future queries (status, updates, deletion, etc.). This automation allows for efficient queue management on the discloser’s side and assists in ensuring the principal of "predictability" is met.

The SSAD MUST allow for automation of the processing of well-formed, valid, complete, properly-identified requests from accredited users with some limited and specific set of legal basis and data processing purposes which are currently described in Preliminary Recommendation #7 but still under discussion. These requests MAY be automatically processed and result in the disclosure of non-public RDS data without human intervention.

[1] To review the other types of disclosure requests that have been proposed by certain groups for automation which will be further discussed by the EPDP Team, please see https://community.icann.org/x/BhSJBw.

[2] Initial consideration of the financial feasibility of automation will be addressed by the ICANN org with the Implementation Review Team and subsequently by the mechanism for the evolution of SSAD, as applicable.

BACKGROUND DOCUMENTS

Info